In this section, we discuss a few other topics relevant to J2EE security, including securing enterprise resource managers, web service security, and single sign-on.
An enterprise may have a wide range of enterprise resource managers, such as relational database systems and message-oriented middleware products. Establishing a connection to these resources often requires authentication. You can manage the authentication details for these resource managers in one of two ways: you can manage them yourself in your application code, or you can let the application server or container manage the connection details for you.
Resource manager references are declared in web and EJB deployment descriptors using <resource-ref> elements. Full details on declaring resource references in deployment descriptors can be found in Chapter 2.
The authentication mode to be used with a given resource is specified using the <res-auth> element within the <resource-ref> element. To indicate that the container should handle authentication details, set the <res-auth> value to Container. You then need to configure the authentication details for the resource in the container, using its management tools or container-specific configuration files. If you’d prefer to manage the authentication details in your application code, set the <res-auth> value to Application. It’s usually preferable to use container-managed authentication ...
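The two <res-auth> modes described above, seen from the application side. This is an added example, not code from the original text; the class OrdersDao and the reference name jdbc/OrdersDB are hypothetical, and the code assumes it runs inside a container that has bound that reference.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Arrays;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

/*
 * Descriptor entry assumed by this example (web.xml or ejb-jar.xml):
 *
 *   <resource-ref>
 *     <res-ref-name>jdbc/OrdersDB</res-ref-name>
 *     <res-type>javax.sql.DataSource</res-type>
 *     <res-auth>Container</res-auth>   <!-- or Application -->
 *   </resource-ref>
 */
public class OrdersDao {
    // Hypothetical name; must match <res-ref-name> in the descriptor.
    private static final String REF = "java:comp/env/jdbc/OrdersDB";

    private DataSource lookup() throws NamingException {
        // Resource references are resolved under the java:comp/env context.
        return (DataSource) new InitialContext().lookup(REF);
    }

    /**
     * For <res-auth>Container</res-auth>: the container signs on to the
     * database with the credentials configured in its own settings, so
     * no user name or password ever appears in application code.
     */
    public Connection openContainerManaged() throws NamingException, SQLException {
        return lookup().getConnection();
    }

    /**
     * For <res-auth>Application</res-auth>: the component supplies the
     * credentials itself. The caller has to obtain them from somewhere
     * other than the source code; the password array is wiped after use.
     */
    public Connection openApplicationManaged(String user, char[] password)
            throws NamingException, SQLException {
        try {
            return lookup().getConnection(user, new String(password));
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

Only the call made on the DataSource differs between the two modes; the JNDI lookup is the same.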